ModSecurity

The module adds a connector for using ModSecurity rules.

Installation

To install the module, use one of the following packages:

• Angie: angie-module-modsecurity

• Angie PRO: angie-pro-module-modsecurity

Loading the Module

To work with the module, you need to load it in the main{} context:

load_module modules/ngx_http_modsecurity_module.so;

Configuration Example

Specify the modsecurity and modsecurity_rules_file directives in the appropriate context, for example server:

/etc/angie/http.d/default.conf

server {
    modsecurity on;
    modsecurity_rules_file /etc/angie/modsecurity/rules.conf;
    # ...
}

Copy the OWASP Core Rule Set for ModSecurity (CRS) to the /var/lib/angie/modsecurity/ directory:

$ cd /var/lib/angie/modsecurity/
$ sudo git clone -b v4.1.0 https://github.com/coreruleset/coreruleset

Tip

Check the latest release number here: coreruleset/coreruleset

In the directory with the core rules, copy the minimally required ModSecurity configuration examples:

$ sudo cp coreruleset/crs-setup.conf.example coreruleset/crs-setup.conf
$ sudo cp coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example \
      coreruleset/rules/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf
$ sudo cp coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example \
      coreruleset/rules/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf

Uncomment the Include directives below in the /etc/angie/modsecurity/rules.conf file:

Include /var/lib/angie/modsecurity/coreruleset/crs-setup.conf
Include /var/lib/angie/modsecurity/coreruleset/rules/*.conf

Additional Information

Detailed documentation and source code are available at: owasp-modsecurity/ModSecurity.